Ever made a change on one Active Directory domain controller and found that it doesn’t propagate to the other domain controllers? In this post I’ll show you how to check the sync health of your domain controllers and how to fix it if it’s broken.
The first step is to run the following command to check replication health (it can be run from a domain controller or any computer with the AD remote admin tools):
Repadmin /replsummary
If you see any failures here, you should be able to pinpoint which server is either down or having replication issues. Also, if you have a domain controller that has become tombstoned due to replication becoming out of date, here is a good write-up on how to fix that.
After fixing the replication issue, go back and check the replication status:
Repadmin /showrepl
In our case the replication status looks good. If you were to see errors here you would need to start troubleshooting the errors. In my experience this could be as simple as having a down AD domain controller.
The last command checked to see if replication connections were working. Now we’ll actually replicate between all of the domain controllers:
Repadmin /syncall
We shouldn’t have any errors after checking the replication status in the previous command.
Now that we know our domain controllers are able to replicate, we need to recalibrate the topology by running this command:
Repadmin /KCC
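The Repadmin /showrepl check above can be scripted so that unhealthy links stand out. The PowerShell below is an added example, not part of the original post: it parses the CSV form of the output (repadmin /showrepl * /csv) and lists links that report failures or have no recent success. The sample rows, the Get-ReplicationProblem helper name and the 24-hour threshold are assumptions made for illustration.

```powershell
# Added example: list unhealthy links from "repadmin /showrepl * /csv".
param(
    [switch]$Live,           # query the real domain instead of the sample below
    [int]$MaxAgeHours = 24   # assumed threshold for a stale last success
)

# Constructed sample rows in the CSV column layout (not real data).
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-05-01 09:15:02,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC03,RPC,14,2024-05-01 09:10:44,2024-04-28 21:03:10,1722
'@

# Hypothetical helper: returns one object per link that needs attention.
function Get-ReplicationProblem {
    param([object[]]$Rows, [datetime]$Now, [int]$MaxAgeHours)
    foreach ($r in $Rows) {
        if ($r.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Non-INFO rows mean repadmin could not query that DC; keep the raw row.
            $raw = $r.PSObject.Properties.Value -join ' '
            [pscustomobject]@{ Destination = ''; Source = ''; Context = ''
                               Failures = ''; Reason = "not queried: $raw" }
            continue
        }
        $failures = [int]$r.'Number of Failures'
        $lastOk   = [datetime]::MinValue
        $parsed   = [datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)
        $stale    = (-not $parsed) -or (($Now - $lastOk).TotalHours -gt $MaxAgeHours)
        if ($failures -eq 0 -and -not $stale) { continue }   # healthy link
        $reason = 'no recent success'
        if ($failures -gt 0) { $reason = "status $($r.'Last Failure Status')" }
        [pscustomobject]@{ Destination = $r.'Destination DSA'; Source = $r.'Source DSA'
                           Context = $r.'Naming Context'; Failures = $failures
                           Reason = $reason }
    }
}

if ($Live) {
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $now  = Get-Date
} else {
    $rows = $sample | ConvertFrom-Csv
    $now  = [datetime]'2024-05-01 10:00:00'   # constructed "now" matching the sample
}
Get-ReplicationProblem -Rows $rows -Now $now -MaxAgeHours $MaxAgeHours |
    Format-Table -AutoSize
```

Run without arguments, it reports only the constructed DC03 link; with -Live it queries every domain controller the same way the manual command does.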
In this article I went over some troubleshooting commands you can run to narrow down your AD replication issues and provided some guidance on remediation. Hope this helped.